VXLAN EVPN Fabric and automation using Ansible

VXLAN EVPN Fabric and automation using Ansible Faisal Chaudhry, Principal Architect Umair Arshad, Sr Network Consulting Engineer Lei Tian, Solution Architecture

Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco Live Mobile App 2. Click Join the Discussion 3. Install Spark or go directly to the space 4. Enter messages/questions in the space cs.co/ciscolivebot# 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Agenda Intro to VXLAN BGP EVPN Intro to Ansible Lab Topology Lab tasks 1. Configure VXLAN BGP EPVN using CLI 2. Configure VXLAN BGP EVPN using Ansible + NXOS modules 3. Configure VXLAN BGP EVPN using Ansible + Jinja2 template

Intro to VXLAN BGP EVPN

Intro to VXLAN BGP EVPN Open, Scalable Fabric Refresh for VXLAN Layer 2 overlay technology on Layer 3 underlay VXLAN segment is identified by 24-bit segment ID No control plane Flood and Lean VXLAN BGP EVPN Use MP-BGP with EVPN AF to distribute L2/L3 reachability information Distributed Anycast Gateway Symmetric IRB VPC Anycast VTEP ARP suppression Multi-Tenancy 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 8

VXLAN BGP EVPN Terminology VTEP: Hardware or software element at the edge for VXLAN encapsulation VNI: a logical network instance for layer 2 broadcast domain Fabric Underlay VTEP Border Leaf VTEP VNID: 24 bit segment ID Anycast Gateway: distributed default gateway function across al leaf nodes WAN/ DCI VXLAN L2 Gateway: gateway translate VLAN to VXLAN and VXLAN to VLAN in same BD VXLAN L3 Gateway: gateway translate VXLAN to VXLAN or VXLAN to VLAN in different BD VNI Anycast Gateway VXLAN L2/L3 Gateway Overlay 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 9

VXLAN BGP EVPN Host reachability BGP update 1. Host 172.24.140.10 comes online Leaf-1 IP ARP Table Address Age MAC Address Interface Flags 172.21.140.10 00:03:48 0050.56a0.7630 Vlan140 Leaf-1 mac table VLAN MAC Address Type age Secure NTFY Ports ---------+-----------------+--------+---------+------+----+------------------ 140 0050.56a0.7630 dynamic 00:04:00 F F Eth1/3 HWaddr 00:50:56:A0:76:30 inet addr:172.21.140.10 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 10

VXLAN BGP EVPN Host reachability BGP update 1. Host 172.24.140.10 comes online 2. VTEP leaf-1 install MAC and MAC-IP into L2RIB show l2route evpn mac evi 140 Topology Mac Address Prod Flags Seq No Next-Hops 140 0050.56a0.7630 Local L, 0 Eth1/3 show l2route evpn mac-ip evi 140 Topology Mac Address Prod Flags Seq No Next-Hops 140 0050.56a0.7630 HMM -- 0 172.21.140.10 Local HWaddr 00:50:56:A0:76:30 inet addr:172.21.140.10 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 11

VXLAN BGP EVPN Host reachability BGP update 1. Host 172.24.140.10 comes online 2. VTEP leaf-1 install MAC and MAC-IP into L2RIB 3. VTEP leaf-1 installs host mac-ip to L2VPN EVPN show bgp l2vpn evpn vni-id 50140 Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 192.168.0.8:32907 (L2VNI 50140) *>l[2]:[0]:[0]:[48]:[0050.56a0.7630]:[32]:[172.21.140.10]/272 192.168.0.18 100 32768 i HWaddr 00:50:56:A0:76:30 inet addr:172.21.140.10 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 12

VXLAN BGP EVPN Host reachability BGP update 1. Host 172.24.140.10 comes online 2. VTEP leaf-1 install MAC and MAC-IP into L2RIB 3. VTEP leaf-1 installs host mac-ip to L2VPN EVPN 4. VTEP leaf-1 advertises L2/L3 VNI routes to its EVPN neighbors sh bgp l2 evpn nei 192.168.0.6 advertised-routes Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 192.168.0.8:32907 (L2VNI 50140) *>l[2]:[0]:[0]:[48]:[0050.56a0.7630]:[32]:[172.21.140.10]/272 192.168.0.18 100 32768 i HWaddr 00:50:56:A0:76:30 inet addr:172.21.140.10 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 13

VXLAN BGP EVPN Host reachability BGP update 1. Host 172.24.140.10 comes online 2. VTEP leaf-1 install MAC and MAC-IP into L2RIB 3. VTEP leaf-1 installs host mac-ip to L2VPN EVPN 4. VTEP leaf-1 advertises L2/L3 VNI routes to its EVPN neighbors 5. VTEP Spine nodes advertise L2/L3 VNI route to all other leaf nodes sh bgp l2vpn evpn 172.21.140.10 BGP routing table information for VRF default, address family L2VPN EVPN Route Distinguisher: 192.168.0.8:32907 BGP routing table entry for [2]:[0]:[0]:[48]:[0050.56a0.7630]:[32]:[172.21.140.10]/272, version 10 Paths: (1 available, best #1) Flags: (0x000202) on xmit-list, is not in l2rib/evpn, is not in HW Path-id 1 advertised to peers: 192.168.0.9 192.168.0.10 192.168.0.11 HWaddr 00:50:56:A0:76:30 inet addr:172.21.140.10 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 14

VXLAN BGP EVPN Distributed Anycast Gateway All leaf nodes have same IP and MAC address for extended subnet No additional FHRP protocol Optimize East/West and North/South routing VLAN 140, Gateway IP: 172.21.140.1, MAC: 0000.2222.3333 VLAN 141, Gateway IP: 172.21.141.1, MAC: 0000.2222.3333 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 15

VXLAN BGP EVPN Symmetric IRB VLAN/L2VNI only required on leaf nodes where end host resides New L3VNI for each VRF to handle VXLAN L3 routing Routed traffic is forwarded symmetrically using L3VNI VTEP1 VTEP2 SVI A SVI B SVI B SVI A VLAN A VLAN B VNI A VNI B VLAN A VLAN B H2 H1 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 16

Intro to Ansible

Intro to Ansible Open Automation Platform Ansible is a easy to use, configuration management and IT automation tool Ansible is agentless; only requires SSH and Python on target nodes Ansible can also be extended to use Plug-ins and API 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 18

Intro to Ansible Terminology Host: remote machines that Ansible manages Group: several hosts that can be configured together and share common verables Inventory: file descripts hosts and groups in Ansible. Variable: names of value (int, str, dic, list) referenced in playbook or template YAML: data format for Playbook or Variables in Ansible Playbook: the script to orchestrate, automate, deploy system in Ansible. One playbook can include multiple plays. Roles: group of tasks, templates to implement specific behavior Jinja2: a Python based tempting language 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 19

Intro to Ansible Inventory file Inventory file includes all switches in this lab All switches can be organized in Spine and Leaf groups Inventory file can also include some variables [all:vars] defines global variables apply to all groups use [ ] define group host specific variable can also be defined in inventory file [all:vars] ansible_connection = local user=admin pwd=c1sco12345 gather_fact=no [spine] 198.18.134.140 router_id=192.168.0.6 loopback1=192.168.0.100 [leaf] 198.18.134.142 router_id=192.168.0.8 loopbacl1=192.168.0.18 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 20

Intro to Ansible Playbook Playbook starts with --- --- - hosts: leaf,jinja2_leaf vars: nxos_provider: username: "{{ user }}" password: "{{ pwd }}" transport: nxapi host: "{{ inventory_hostname }}" tasks: - name: configure VLAN for server port when: ("142" in inventory_hostname) or ("144" in inventory_hostname) nxos_switchport: interface: eth1/3 mode: access access_vlan: 140 provider: "{{ nxos_provider}}" Included hosts for this playbook Space and indent are very import in playbook Use {{var}} to reference variable in a play 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 21

Intro to Ansible Roles role helps organizing playbook role makes playbook more modular each function or application can be a role, in our lab, spine and leaf can be two different roles roles are inside roles folder role uses directory structure and expect certain directory names [root@rhel7-tools ]# tree. ansible.cfg hosts roles leaf handlers main.yml README.md tasks main.yml vars main.yml verify_underlay.yml 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 22

Lab Topology

Lab Exercises

Lab Exercises Exercise 1: Build Ansible node on Redhat server Exercise 2: Siimple Ansible Playbook Exercise 3: Day 1 provisioning VXLAN Fabric using Ansible + Jinja2 template Exercise 4: Day 1 provisioning VXLAN Fabric using Ansible + NXOS modules Exercise 5: Day 2 operation using Ansible Appendix A: Day 0 automation using POAP 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 26

Lab Tips

Be aware All pods have identical setup. You will have internet access from your pod, but you don t have access other pod. It is highly recommended to use ATOM as text editor to write your Ansible script. If you prefer to use VI or other text editor, pay attention to space and indent. This lab has minimal CLI involved. 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 29

Related Sessions BRKDCT-2949 Building DataCenter networks with VXLAN BGP-EVPN Part I BRKDCT-3378 Building DataCenter networks with VXLAN BGP-EVPN Part II LTRDCT-2781 Building and operating VXLAN BGP EVPN Fabrics with Data Center Network Manager LTRDCT-3161 Deploying VXLAN/EVPN in DC with SDN Controller(DCNM) 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 30

Please complete your Online Session Evaluations after each session Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt All surveys can be completed via the Cisco Live Mobile App or the Communication Stations Complete Your Online Session Evaluation Don t forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library/. 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Continue Your Education Demos in the Cisco campus Walk-in Self-Paced Labs Tech Circle Meet the Engineer 1:1 meetings Related sessions 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 33

Thank you